Notifications
Clear all
Topic starter
TBB is designed to 'avoid the disk' but I`ve read that this isn't always the case. If a suspect had downloaded TBB onto a Linux OS and ran it a few times, would it be possible to recover any helpful artefacts about their usage of TBB? Thanks
Posted : 09/11/2019 10:57 am
I would love to do the write up to answer your question, bit someone already beat me to it. Here's a very nice article covering Forensic examination of Tor on Linux. https://
Posted : 10/11/2019 9:45 pm
Topic starter
Thanks Soviet. That work is interesting but from 6 years ago. The more recent papers I've read seem to say very little is written to disk although RAM can offer more of note. Do you have any hands on experience in relation to my query?
Posted : 10/11/2019 10:17 pm